Knowledgebase: CYREN Email Security
Definition of subtypes to the category "dangerous"
Posted by Karsten Kaus on 23 June 2016 03:00 PM

Applies to: eXpurgate, dangerous, categories, file type, file extension, attachment, virus

Modified on: 07/05/2016

Description: 

Emails classified as 'dangerous' are only potentially dangerous: they may link to the hard drive, or contain an executable file, iframes or code snippets. Any of these elements could damage a computer system.

The category 'dangerous' consists of several subcategories:

  • dangerous.attachment
  • dangerous.iframe
  • dangerous.code
  • dangerous.virus
  • dangerous.virus-outbreak

dangerous.attachment:

The email includes an attachment with an extension that is potentially dangerous in a Windows environment (e.g. it is opened and executed by a double-click).

Currently, these file types are considered potentially dangerous and are therefore classified as dangerous.attachment:
ade, adp, app, asp, bas, bat, bhx, cab, ceo, chm, cmd, com, cpl,
crt, csr, der, exe, fxp, hlp, hta, inf, ins, isp, its, js, jse,
lnk, mad, maf, mag, mam, mar, mas, mat, mde, mim, msc, msi,
msp, mst, ole, pcd, pif, reg, scr, sct, shb, shs, vb, vbe,
vbmacros, vbs, vsw, wmd, wmz, ws, wsc, wsf, wsh, xxe, docm, xlsm
 
This also applies if one of the above-mentioned attachments is contained in one of the following (password-protected) archives:
arj, cab, jar, lha, rar, tar, zip
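
The attachment rule above, sketched as an added Python example (not Cyren's implementation and not code from this article): it flags attachments whose extension is on the list and looks inside zip, jar and tar archives using only the standard library. The function names and the sample message are constructed for illustration; the other listed archive formats would need third-party parsers.

```python
import io, os, tarfile, zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Added illustration, not Cyren's code; both extension lists are copied from the article.
DANGEROUS_EXT = set("""ade adp app asp bas bat bhx cab ceo chm cmd com cpl crt csr der exe fxp
hlp hta inf ins isp its js jse lnk mad maf mag mam mar mas mat mde mim msc msi msp mst ole pcd
pif reg scr sct shb shs vb vbe vbmacros vbs vsw wmd wmz ws wsc wsf wsh xxe docm xlsm""".split())
ARCHIVE_EXT = {"arj", "cab", "jar", "lha", "rar", "tar", "zip"}

def ext(name):
    """Lower-cased extension of the last path component, without the dot."""
    return os.path.splitext(name)[1].lstrip(".").lower()

def archive_members(name, data):
    """Member names for formats the standard library reads (zip/jar, tar)."""
    try:
        if ext(name) in ("zip", "jar"):
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return z.namelist()
        if ext(name) == "tar":
            with tarfile.open(fileobj=io.BytesIO(data)) as t:
                return t.getnames()
    except (zipfile.BadZipFile, tarfile.TarError):
        pass  # unreadable archive: nothing to report from its contents
    return []  # arj, cab, lha, rar need third-party parsers

def dangerous_attachments(raw):
    """Return (attachment, offending name) pairs for a raw RFC 5322 message."""
    hits = []
    for part in message_from_bytes(raw).walk():
        fname = part.get_filename() or ""
        if ext(fname) in DANGEROUS_EXT:
            hits.append((fname, fname))
        if ext(fname) in ARCHIVE_EXT:
            data = part.get_payload(decode=True) or b""
            hits += [(fname, m) for m in archive_members(fname, data)
                     if ext(m) in DANGEROUS_EXT]
    return hits

def build_sample():
    """Constructed message: a PDF, a .JS file, and a zip holding invoice.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docs/invoice.exe", b"MZ")
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, body in [("report.pdf", b"%PDF-"), ("Update.JS", b"x=1"), ("scan.zip", buf.getvalue())]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```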

dangerous.iframe:

The email contains the HTML element iframe.

dangerous.code:

The email contains JavaScript or other elements that are known to use an insecure protocol or to link to local (Windows) drives.

dangerous.virus:

The email contains a file that is detected as a virus by a virus scanner. Cyren is currently using Avira SAVAPI.
This category is only available for customers with virus protection enabled in their license. If anti-virus is not included, 'dangerous.virus' emails will be classified as 'dangerous.attachment'.

dangerous.virus-outbreak:

Like 'dangerous.attachment' but currently seen in great numbers on Cyren's servers.
This category is only available for customers with virus protection enabled in their license. If anti-virus is not included, 'dangerous.virus-outbreak' emails will be classified as 'dangerous.attachment'.
